SECURITY POLICY
GAMES PRESS LTD

We do run a bug bounty programme at Games Press, and have paid out on a number of bounties in the past, always over $100.

If your Bug Bounty message is a speculative one, please DO NOT penetration test our live sites. We have a special site at

https://bugbounty.gamespress.com

This site uses the same code base as our live sites. Any possible vulnerabilities are just as likely to exist on this site.
Only under exceptional circumstances will we consider submissions on live sites rather than this test site.

If you spot anything you would like to report to us, please email details to bugbounty@gamespress.com. It is vital you include the URL of the site in your initial email.

Before we can commit to any payments, though, we need to be sure of a few things:
* We need you to confirm the domain name and URL you’ve found this on.
* The vulnerability cannot be one that can be found using automated tools; we’re probably already aware of it if that’s the case
* In fact, any vulnerability has to be one we’re not already aware of
* Our categorisation of vulnerability won’t always align with standard categorisations. We’re far more aware of potential risks to our systems, and we may well have other protections further down the line.
* While we fully believe in and support ethical disclosures, our decision on the value of bounty, or if one is even justified, is final. We will need to investigate you and the vulnerability before any payment will be made.

Steve Owen
Technical Director
Games Press Ltd
steve dot owen at gamespress dot com